[tor-bugs] #26832 [Applications/Tor Check]: Allow use of https://check.torproject.org/api/ip by content
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 17 05:20:11 UTC 2018
#26832: Allow use of https://check.torproject.org/api/ip by content
----------------------------------------+---------------------
Reporter: arthuredelstein | Owner: arlolra
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Check | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
----------------------------------------+---------------------
I would like to create a page on another domain that demonstrates stream
isolation in Tor Browser. This is the mechanism whereby a web page in an
iframe is downloaded via the same Tor circuit as the first party parent
document was.
Right now, https://check.torproject.org/api/ip cannot be included in
iframes or fetched by a script in a web page.
So I would like to propose setting
Access-Control-Allow-Origin: *
and removing the `X-Frame-Options` header
for this particular endpoint.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26832>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list